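---
# TLS material for nginx: DH parameters, per-vhost key/certificate deployment,
# and optional self-signed certificates for vhosts that request them.
# File modes are quoted so they are always handled as octal strings,
# whichever YAML loader or templating step touches them.

- name: "[NGINX] - Create local ssl Directory"
  file:
    path: "{{ nginx_ssl_dir }}"
    state: directory
    mode: "0755"

# `creates` keeps this idempotent: the (slow) dhparam run is skipped once the
# file exists.
# NOTE(review): the condition compares against the string 'true'; a YAML
# boolean true would not match. Confirm how nginx_gen_dh is set by callers.
- name: "[NGINX] - Generate DH file"
  command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }}
  args:
    creates: "{{ nginx_dh_path }}"
  when: nginx_gen_dh == 'true'
  notify:
    - reload nginx

# DH parameters are not secret, so a world-readable mode is set explicitly
# instead of inheriting whatever the remote umask gives.
- name: "[NGINX] - Deploy DH file from vars"
  copy:
    content: "{{ nginx_dh }}"
    dest: "{{ nginx_dh_path }}"
    mode: "0644"
  when: nginx_dh is defined
  notify:
    - reload nginx

- name: "[NGINX] - Create SSL keys subfolder"
  file:
    path: "{{ nginx_ssl_dir }}/{{ item.ssl_name }}"
    state: directory
    mode: "0755"
  with_items: "{{ nginx_vhosts }}"
  when: item.copy_ssl is defined
  notify: reload nginx

# Private keys: owner read/write only. The original 0700 also set the execute
# bit, which a key file never needs. `diff: false` keeps key material out of
# the output when the play is run with --diff.
- name: "[NGINX] - Deploy SSL keys"
  copy:
    src: "{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem"
    dest: "{{ nginx_ssl_dir }}/{{ item.ssl_name }}/privkey.pem"
    mode: "0600"
  diff: false
  with_items: "{{ nginx_vhosts }}"
  when: item.copy_ssl is defined
  notify: reload nginx

# Certificates are public and may stay world-readable.
- name: "[NGINX] - Deploy SSL certs"
  copy:
    src: "{{ ssl_src_path }}/{{ item.ssl_name }}/fullchain.pem"
    dest: "{{ nginx_ssl_dir }}/{{ item.ssl_name }}/fullchain.pem"
    mode: "0644"
  with_items: "{{ nginx_vhosts }}"
  when: item.copy_ssl is defined
  notify: reload nginx

# NOTE(review): unlike the three tasks below, this one does not check
# item.state == 'enable' - confirm whether that is intentional.
- name: "[SELFSIGNED] - Create Key folder"
  file:
    path: "{{ nginx_ssl_dir }}/{{ item.ssl_name }}"
    state: directory
    mode: "0755"
  with_items: "{{ nginx_vhosts }}"
  when: item.selfsigned is defined and item.selfsigned == 'true'
  notify: reload nginx

# NOTE(review): the openssl_* tasks write under ssl_src_path, while the folder
# created above is under nginx_ssl_dir and the copy tasks earlier in this file
# read ssl_src_path as their source. No task in this file creates
# ssl_src_path/<ssl_name> or moves the self-signed files into nginx_ssl_dir -
# confirm the generated key and certificate end up where nginx expects them.
- name: "[SELFSIGNED] - Create a self-signed key"
  openssl_privatekey:
    path: "{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem"
    size: 2048
    type: RSA
  with_items: "{{ nginx_vhosts }}"
  when:
    - item.selfsigned is defined
    - item.state == 'enable'
    - item.selfsigned == 'true'
  notify: reload nginx

# The CSR file name (selfsigned.crs) is kept exactly as the original spells it;
# the certificate task below references the same path.
- name: "[SELFSIGNED] - Generate OpenSSL Certificate Signing Request (CSR)"
  openssl_csr:
    path: "{{ ssl_src_path }}/{{ item.ssl_name }}/selfsigned.crs"
    privatekey_path: "{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem"
  with_items: "{{ nginx_vhosts }}"
  when:
    - item.selfsigned is defined
    - item.state == 'enable'
    - item.selfsigned == 'true'
  notify: reload nginx

- name: "[SELFSIGNED] - Create a self-signed certificate"
  openssl_certificate:
    path: "{{ ssl_src_path }}/{{ item.ssl_name }}/fullchain.pem"
    privatekey_path: "{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem"
    csr_path: "{{ ssl_src_path }}/{{ item.ssl_name }}/selfsigned.crs"
    provider: selfsigned
  with_items: "{{ nginx_vhosts }}"
  when:
    - item.selfsigned is defined
    - item.state == 'enable'
    - item.selfsigned == 'true'
  notify: reload nginx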